@zellio
Last active August 29, 2015 14:16
Short script to block Tor on CentOS
#!/usr/bin/env bash
# Uses bash features (function keyword, echo -e, $UID), so the interpreter is bash, not sh.
set -f   # no pathname expansion; nothing here should glob

function error {
    echo -en "\e[1;31m>>> ERROR: "
    echo -en "$1"
    echo -e "\e[0m "
}

function warn {
    echo -en "\e[1;33m>>> WARN: "
    echo -en "$1"
    echo -e "\e[0m "
}

function info {
    echo -en "\e[1;32m>>> INFO: "
    echo -en "$1"
    echo -e "\e[0m "
}

if [ "$UID" -ne 0 ]; then
    error "This script needs to be run as root."
    exit 1
fi

info "Checking for ipset"
if ! command -v ipset >/dev/null 2>&1; then
    warn "ipset executable not found. checking installation"
    if ! yum list installed ipset >/dev/null 2>&1; then
        warn "ipset not installed, installing now"
        yum install -y ipset
    fi
fi

IPSET=$(command -v ipset)
if [ -z "$IPSET" ]; then
    error "You require ipset to continue"
    exit 1
fi

info "Checking for tor-net hash"
if ! ipset list tor-net >/dev/null 2>&1; then
    warn "Hash not found, creating now."
    ipset create tor-net hash:ip
fi

info "Populating ipset hash"
# Note: the set is emptied before the download, so Tor exits are unblocked
# until the add loop below has finished (and stay unblocked if curl fails).
ipset flush tor-net
# The exit list is plain text with one address per line; '#' lines are comments.
curl -sf 'https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=8.8.8.8' \
    | grep -v '#' | sort -u \
    | while read -r ip; do ipset add tor-net "$ip"; done

info "Checking iptables"
# Look for an existing REJECT rule that references the tor-net set.
if ! iptables --list RH-Firewall-1-INPUT 2>/dev/null | grep REJECT | grep -q tor-net; then
    warn "Reject rule not found, adding now"
    # --match-set is the current name of the set match option (--set is the old spelling).
    iptables --insert RH-Firewall-1-INPUT 7 --match set --match-set tor-net src,dst --jump REJECT
fi
@smiyazaki09

Is this only possible using iptables or is it also possible to do this if I am using firewalld?

zellio (author) commented Apr 16, 2015

@smiyazaki09 - I haven't used firewalld yet but I was thinking about expanding this out anyway to handle more situations so I can look into it.
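As an added example, not part of the gist or of the thread above: the script flushes tor-net before the download, so a failed or empty fetch leaves the set empty (Tor exits unblocked until the next run), and it passes every non-comment line of the response to ipset unvalidated. The helper below turns the exit-list text into an `ipset restore` batch that accepts only well-formed IPv4 addresses, fills a temporary set and atomically swaps it into place, and refuses to swap when nothing valid was received. Set names, the temp-set suffix and the sample input are assumptions/constructed for this example.

```shell
# Dotted-quad IPv4 only; each octet 0-255. Anything else is dropped.
IPV4_RE='^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])$'

# build_restore_script LIVE_SET < exit-list-text
# Emits an `ipset restore` batch on stdout. Returns 1 (and emits nothing)
# when no valid address was read, so a failed download never empties the
# live set. Entry names (LIVE_SET, LIVE_SET-tmp) are assumptions.
build_restore_script() {
    local live=$1 tmp="${1}-tmp" entries='' count=0 ip
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline
    while IFS= read -r ip || [ -n "$ip" ]; do
        case $ip in
            ''|\#*) continue ;;   # blank lines and '#' comments
        esac
        if printf '%s\n' "$ip" | grep -Eq "$IPV4_RE"; then
            # -exist makes duplicate entries harmless
            entries="${entries}add $tmp $ip -exist
"
            count=$((count + 1))
        fi
    done
    [ "$count" -gt 0 ] || return 1
    printf 'create %s hash:ip -exist\n' "$live"
    printf 'create %s hash:ip -exist\n' "$tmp"
    printf 'flush %s\n' "$tmp"
    printf '%s' "$entries"
    # swap is atomic: the live set is never empty during a refresh
    printf 'swap %s %s\n' "$tmp" "$live"
    printf 'destroy %s\n' "$tmp"
}

# Usage as root, with the list URL the gist uses:
#   curl -sf 'https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=8.8.8.8' \
#       | build_restore_script tor-net | ipset restore
```

If `build_restore_script` returns non-zero the pipe feeds nothing to `ipset restore`, and the previous tor-net contents stay in force.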
